Information Security Aspects of Business Continuity Management Sample Clauses

Information Security Aspects of Business Continuity Management a. Maintaining a business continuity and disaster recovery plan. b. Reviewing and testing this plan annually.
View SourceView Similar (5)
Information Security Aspects of Business Continuity Management. The company identifies and documents its obligations to external authorities and other third parties in relation to information security, including intellectual property, accounting documentation and privacy information.
View SourceView Similar (5)
Information Security Aspects of Business Continuity Management. To embed information security continuity in Convercent’s business continuity management systems. To ensure availability of information processing facilities. Third party integrations are provided by third parties and not subject to Convercent’s security program. Third parties or Customer may submit Personal Data to the Services, the extent of which is neither determined nor controlled by Convercent, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:  Clients, customers, business partners, and vendors of Customer (who are natural persons)  Customer employees, officers, directors, contractors, agents, consultants, and contact persons of Customer’s third-party suppliers, business partners, and vendors whose personal information is shared with Convercent for the purpose of providing and using the privacy management softwareCustomer users authorized by Customer to use the relevant Services  Any third party making a report through the Services regarding Customer  Other [Customer may elect to include additional data subjects defined here] Third parties or Customer may submit Personal Data to the Services, the extent of which is neither determined nor controlled by Convercent, and which may include, but is not limited to the following categories of Personal Data:  The Personal Data processed is personal data provided by Customer and processed by Convercent in the course of providing the Software and Services.  The personal data processed may concern the following categories of data:  Identification data  Personal characteristics  Physical details  Profession and employment  Other [To be defined by Customer] Except as otherwise provided herein, the personal data processed will not include sensitive personal data including information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, government issued identification numbers, credit card details, health or medical records and criminal records. To the extent Customer elects to upload special categories of data, Customer does so at its own risk. Personal Data may concern the following special categories of data:  'Whistleblowing' reports could, theoretically, include reference to an individual's race or ethnic origin, political opinion, religious or philosophical belief, trade union membership, health, sex life, or sexual orientation.  Allegations or concerns could, theor...
View Source
Information Security Aspects of Business Continuity Management a. Vendor shall maintain emergency and contingency plans for the facilities in which Vendor information systems that process Scoped Data are located. To ensure that they are valid and effective during adverse situations, Vendor shall verify the established and implemented information security continuity controls at regular intervals. b. Vendorʼs redundant storage and its procedures for recovering data shall be designed to reconstruct Scoped Data in its original state from before the time it was lost or destroyed.
View Source
Information Security Aspects of Business Continuity Management. Establishes business continuity framework and defines how OneTrust should recover its IT architecture and IT services within set deadlines in the event of a disaster or other disruptive incident. • Ensures data backup for cloud-hosted implementations. • Maintains a business continuity plan and ensures annual technical and tabletop tests.
View Source
Information Security Aspects of Business Continuity Management 
View SourceView Similar (26)

Related to Information Security Aspects of Business Continuity Management

  • Information and Services Required of the Owner The Owner shall provide information with reasonable promptness, regarding requirements for and limitations on the Project, including a written program which shall set forth the Owner’s objectives, constraints, and criteria, including schedule, space requirements and relationships, flexibility and expandability, special equipment, systems, sustainability and site requirements.

  • MANAGEMENT OF EVALUATION OUTCOMES 12.1 Where the Employer is, any time during the Employee’s employment, not satisfied with the Employee’s performance with respect to any matter dealt with in this Agreement, the Employer will give notice to the Employee to attend a meeting; 12.2 The Employee will have the opportunity at the meeting to satisfy the Employer of the measures being taken to ensure that his performance becomes satisfactory and any programme, including any dates, for implementing these measures; 12.3 Where there is a dispute or difference as to the performance of the Employee under this Agreement, the Parties will confer with a view to resolving the dispute or difference; and 12.4 In the case of unacceptable performance, the Employer shall – 12.4.1 Provide systematic remedial or developmental support to assist the Employee to improve his performance; and 12.4.2 After appropriate performance counselling and having provided the necessary guidance and/or support as well as reasonable time for improvement in performance, the Employer may consider steps to terminate the contract of employment of the Employee on grounds of unfitness or incapacity to carry out his or her duties.

  • Obligations and Activities of Business Associates (1) Business Associate agrees not to use or disclose PHI other than as permitted or required by this Section of the Contract or as Required by Law. (2) Business Associate agrees to use and maintain appropriate safeguards and comply with applicable HIPAA Standards with respect to all PHI and to prevent use or disclosure of PHI other than as provided for in this Section of the Contract and in accordance with HIPAA Standards. (3) Business Associate agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of electronic Protected Health Information that it creates, receives, maintains, or transmits on behalf of the Covered Entity. (4) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of PHI by Business Associate in violation of this Section of the Contract. (5) Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by this Section of the Contract or any Security Incident of which it becomes aware. (6) Business Associate agrees, in accordance with 45 C.F.R. 502(e)(1)(ii) and 164.308(d)(2), if applicable, to ensure that any subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate, agree to the same restrictions, conditions, and requirements that apply to the business associate with respect to such information. (7) Business Associate agrees to provide access (including inspection, obtaining a copy or both), at the request of the Covered Entity, and in the time and manner designated by the Covered Entity, to PHI in a Designated Record Set, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524. Business Associate shall not charge any fees greater than the lesser of the amount charged by the Covered Entity to an Individual for such records; the amount permitted by state law; or the Business Associate’s actual cost of postage, labor and supplies for complying with the request. (8) Business Associate agrees to make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of the Covered Entity, and in the time and manner designated by the Covered Entity. (9) Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created, maintained, transmitted or received by, Business Associate on behalf of Covered Entity, available to Covered Entity or to the Secretary in a time and manner agreed to by the parties or designated by the Secretary, for purposes of the Secretary investigating or determining Covered Entity’s compliance with the HIPAA Standards. (10) Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. (11) Business Associate agrees to provide to Covered Entity, in a time and manner designated by the Covered Entity, information collected in accordance with subsection (g)(10) of this Section of the Contract, to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. Business Associate agrees at the Covered Entity’s direction to provide an accounting of disclosures of PHI directly to an individual in accordance with 45 C.F.R. § 164.528 and section 13405 of the HITECH Act (42 U.S.C. § 17935) and any regulations promulgated thereunder. (12) Business Associate agrees to comply with any State or federal law that is more stringent than the Privacy Rule. (13) Business Associate agrees to comply with the requirements of the HITECH Act relating to privacy and security that are applicable to the Covered Entity and with the requirements of 45 C.F.R. §§ 164.504(e), 164.308, 164.310, 164.312, and 164.316. (14) In the event that an Individual requests that the Business Associate (A) restrict disclosures of PHI; (B) provide an accounting of disclosures of the Individual’s PHI; (C) provide a copy of the Individual’s PHI in an Electronic Health Record; or (D) amend PHI in the Individual’s Designated Record Set the Business Associate agrees to notify the Covered Entity, in writing, within five Days of the request. (15) Business Associate agrees that it shall not, and shall ensure that its subcontractors do not, directly or indirectly, receive any remuneration in exchange for PHI of an Individual without (A) the written approval of the Covered Entity, unless receipt of remuneration in exchange for PHI is expressly authorized by this Contract and (B) the valid authorization of the Individual, except for the purposes provided under section 13405(d)(2) of the HITECH Act, (42 U.S.C. § 17935(d)(2)) and in any accompanying regulations. (16) Obligations in the Event of a Breach. (A) The Business Associate agrees that, following the discovery by the Business Associate or by a subcontractor of the Business Associate of any use or disclosure not provided for by this section of the Contract, any breach of Unsecured protected health information, or any Security Incident, it shall notify the Covered Entity of such Breach in accordance with Subpart D of Part 164 of Title 45 of the Code of Federal Regulations and this Section of the Contract. (B) Such notification shall be provided by the Business Associate to the Covered Entity without unreasonable delay, and in no case later than 30 days after the Breach is discovered by the Business Associate, or a subcontractor of the Business Associate, except as otherwise instructed in writing by a law enforcement official pursuant to 45 C.F.R. 164.412. A Breach is considered discovered as of the first day on which it is, or reasonably should have been, known to the Business Associate or its subcontractor. The notification shall include the identification and last known address, phone number and email address of each Individual (or the next of kin of the individual if the Individual is deceased) whose Unsecured protected health information has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such Breach. (C) The Business Associate agrees to include in the notification to the Covered Entity at least the following information: 1. A description of what happened, including the date of the Breach; the date of the discovery of the Breach; the unauthorized person, if known, who used the PHI or to whom it was disclosed; and whether the PHI was actually acquired or viewed. 2. A description of the types of Unsecured protected health information that were involved in the Breach (such as full name, Social Security number, date of birth, home address, account number, or disability code). 3. The steps the Business Associate recommends that Individual(s) take to protect themselves from potential harm resulting from the Breach. 4. A detailed description of what the Business Associate is doing or has done to investigate the Breach, to mitigate losses, and to protect against any further Breaches. 5. Whether a law enforcement official has advised the Business Associate, either verbally or in writing, that he or she has determined that notification or notice to Individuals or the posting required under 45 C.F.R.

  • Responsibilities of Business Associate Business Associate agrees:

  • SERVICE MONITORING, ANALYSES AND ORACLE SOFTWARE 11.1 We continuously monitor the Services to facilitate Oracle’s operation of the Services; to help resolve Your service requests; to detect and address threats to the functionality, security, integrity, and availability of the Services as well as any content, data, or applications in the Services; and to detect and address illegal acts or violations of the Acceptable Use Policy. Oracle monitoring tools do not collect or store any of Your Content residing in the Services, except as needed for such purposes. Oracle does not monitor, and does not address issues with, non-Oracle software provided by You or any of Your Users that is stored in, or run on or through, the Services. Information collected by Oracle monitoring tools (excluding Your Content) may also be used to assist in managing Oracle’s product and service portfolio, to help Oracle address deficiencies in its product and service offerings, and for license management purposes. 11.2 We may (i) compile statistical and other information related to the performance, operation and use of the Services, and (ii) use data from the Services in aggregated form for security and operations management, to create statistical analyses, and for research and development purposes (clauses i and ii are collectively referred to as “Service Analyses”). We may make Service Analyses publicly available; however, Service Analyses will not incorporate Your Content, Personal Data or Confidential Information in a form that could serve to identify You or any individual. We retain all intellectual property rights in Service Analyses. 11.3 We may provide You with the ability to obtain certain Oracle Software (as defined below) for use with the Services. If we provide Oracle Software to You and do not specify separate terms for such software, then such Oracle Software is provided as part of the Services and You have the non-exclusive, worldwide, limited right to use such Oracle Software, subject to the terms of this Agreement and Your order (except for separately licensed elements of the Oracle Software, which separately licensed elements are governed by the applicable separate terms), solely to facilitate Your use of the Services. You may allow Your Users to use the Oracle Software for this purpose, and You are responsible for their compliance with the license terms. Your right to use any Oracle Software will terminate upon the earlier of our notice (by web posting or otherwise) or the end of the Services associated with the Oracle Software. Notwithstanding the foregoing, if Oracle Software is licensed to You under separate terms, then Your use of such software is governed by the separate terms. Your right to use any part of the Oracle Software that is licensed under the separate terms is not restricted in any way by this Agreement.